jimhu at tamu
May 9, 2012, 8:27 AM
Post #1 of 1
I just threw together a simple tag extension to embed a twitter live stream search widget from
sanitizing tag extension parameters for js output
in a wiki page. It just takes the following parameters from $input:
These get dropped into a <script> that is returned. It works, but now I'm wondering what I should do to sanitize the values of title, subject, and query. I don't want to just use In the js, the values are all inside single quotes. I was thinking that I would use strip_tags combined with substituting single quotes with '
preg_replace('/\W/', '', $t)
would disallow hashtags and @'s, right?
Dept. of Biochemistry and Biophysics
Texas A&M Univ.
College Station, TX 77843-2128
MediaWiki-l mailing list
MediaWiki-l [at] lists